Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

Mageia 2025-0092: firefox & nss Security Advisory Updates

mageia
Calendar Grey March 12, 2025
Scroller Mageia
Mageia updates fix critical firefox and nss vulnerabilities to safeguard against potential exploits and improve browser security.
CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931: Use-after-free ...

Summary

CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC during RegExp bailout processing CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8

References

- https://bugs.mageia.org/show_bug.cgi?id=34064

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_109.html

- https://www.firefox.com/en-US/firefox/128.8.0/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/

- https://www.cve.org/CVERecord?id=CVE-2024-43097

- https://www.cve.org/CVERecord?id=CVE-2025-1931

- https://www.cve.org/CVERecord?id=CVE-2025-1932

- https://www.cve.org/CVERecord?id=CVE-2025-1933

- https://www.cve.org/CVERecord?id=CVE-2025-1934

- https://www.cve.org/CVERecord?id=CVE-2025-1935

- https://www.cve.org/CVERecord?id=CVE-2025-1936

- https://www.cve.org/CVERecord?id=CVE-2025-1937

- https://www.cve.org/CVERecord?id=CVE-2025-1938

Resolution

SRPMS

- 9/core/firefox-128.8.0-1.mga9

- 9/core/firefox-l10n-128.8.0-1.mga9

- 9/core/nss-3.109.0-1.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 12 Mar 2025
URL: https://advisories.mageia.org/MGASA-2025-0092.html
Type: security
CVE: CVE-2024-43097, CVE-2025-1931, CVE-2025-1932, CVE-2025-1933, CVE-2025-1934, CVE-2025-1935, CVE-2025-1936, CVE-2025-1937, CVE-2025-1938

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.